Abstract. Refinement types are a well-studied manner of performing
in-depth analysis on functional programs. The dependency pair method 
is a very powerful method used to prove termination of rewrite systems; 
however its extension to higher-order rewrite systems is still the subject 
of active research. We observe that a variant of refinement types allows 
us to express a form of higher-order dependency pair method: from the 
rewrite system labeled with typing information, we build a type-level 
approximated dependency graph, and describe a type-level embedding
order. We describe a syntactic termination criterion involving the graph
and the order, and prove our main result: if the graph passes the criterion, 
then every well-typed term is strongly normalizing. 



1 Introduction 

Types are used to perform static analysis on programs. Various type systems have 
been developed to infer information about termination, run-time complexity, or 
the presence of uncaught exceptions. 

We are interested in one such development, namely dependent types [McK06, Bru68].
Dependent types explicitly allow "object level" terms to appear in the types, and 
can express arbitrarily complex program properties using the so-called Curry-Howard
isomorphism. We are particularly interested here in refinement types
[XS98, FP91]. For a given base type B and a property P on programs, we may
form a type R which is a refinement of B and which is intuitively given the 
semantics: 

R = { t : B | P(t) }

Programming languages based on dependent type systems have the reputation
of being unwieldy, due to the perceived weight of proof obligations in heavily
specified types. The field of dependently typed programming can be seen as a
quest to find the compromise between expressivity of types and ease of use for 
the programmer. 

Dependency pairs are a highly successful technique for proving termination of 
first-order rewrite systems [AG00]. However, without modifications, it is difficult
to apply the method to higher-order rewrite systems. Indeed, the data-flow of
such systems is significantly different than that of first-order ones. Let us examine 
the rewrite rule: 



f (S x) → (λy.f y) x

The termination of well-typed terms under this rewrite system combined with 
β-reduction cannot be inferred by simply looking at the left-hand side f (S x) and
the recursive call f y in the right-hand side as it could be in first-order rewriting.
Here we need to infer that the variable y can only be instantiated by a subterm of
S x. This can be done using dependent types, using a framework called size-based
termination or sometimes type-based termination [HPS96, Abe04, BFG+04, Bla04, BR06].

The dependency pair method rests on the examination of the aptly-named 
dependency pairs, which correspond to left-hand sides of rules and function calls 
with their arguments in the right-hand side of the rules. For instance with a rule 

f(c(x,y),z) → g(f(x,y))

We would have two dependency pairs, the pair f(c(x,y),z) → f(x,y) and the pair
f(c(x,y),z) → g(f(x,y)).

We can then define a chain to be a pair (θ, φ) of substitutions, and a couple
(t1 → u1, t2 → u2) of dependency pairs such that u1θ →* t2φ. We may connect
chains in an intuitive manner, and the fundamental theorem of dependency pairs
may be stated: a (first-order) rewrite system is terminating if and only if there
are no infinite chains. See also the original article [AG00] for details.

To prove that no infinite chains exist, one wants to work with the dependency
graph: the graph built using the dependency pairs as nodes and with an edge
between N1 = t1 → u1 and N2 = t2 → u2 if there exist θ and φ such that (θ, φ), (N1, N2)
form a chain. It is then shown that if the system is finite, then it is sufficient
to consider only the cycles in this graph and prove that they may not lead to
infinite chains [GAO02]. It is known that in general computing the dependency
graph is undecidable (this is the unification modulo rewriting problem, see e.g.
Jouannaud et al. [JKK83]), so in practice we compute an approximation (or
estimation) of the graph that is conservative: all edges in the dependency graph
are sure to appear in the approximated graph. One common (see for instance
Giesl [GTSKF06]) and reasonable approximation is to perform ordinary unification
on non-defined symbols (that is, symbols that are not at the head of a
left-hand side), while replacing each subterm headed by a defined symbol by a
fresh variable, ensuring that it may unify with any other term.

In this article, we show that the dependency pair technique with the approximated
dependency graph can be modeled using a form of refinement types
containing patterns which denote sets of possible values to which a term reduces.
These type-patterns must be explicitly abstracted and applied, a choice that allows
us to have very simple type inference. This allows us to build a notion of
type-based dependency pair for higher-order rewrite rules, as well as an approximated
dependency graph which corresponds to the estimation described above.
We describe an order on the type annotations, that essentially captures the subterm
ordering, and use this order to express a decrease condition along cycles in
the approximated dependency graph. We then state the correctness of the criterion:
if in every strongly connected component of the graph and every cycle in the
component, the decrease condition holds, then every well-typed term is strongly
normalizing under the rewrite rules and β-reduction. The actual operational semantics
are defined not on the terms themselves, but on erased terms in which
we remove the explicit type information. We then conclude with a comparison
with other approaches to higher-order dependency pairs and possible extensions
of our criterion.

2 Syntax and Typing Rules

The language we consider is simply a variant of the λ-calculus with constants.
For simplicity we only consider the datatype of binary (unlabeled) trees. The 
development may be generalized without difficulty to other first-order datatypes, 
i. e. types whose constructors do not have higher-order recursive arguments. We 
define the syntax of patterns 

p, q ∈ P := α | leaf | node(p, q) | _ | ⊥

With α ∈ V, a set of pattern variables; _ is called the wildcard. Patterns appear
in types to describe possible reducts of terms. We define the set of types:

T, U ∈ T := B(p) | T → U | ∀α.T

An atomic type is a type of the form B(p). The set of terms of our language
is defined by:

t, u ∈ Trm := x | f | t u | t p | λx:T.t | Λα.t | Node | Leaf

With x ∈ X a set of term variables, f ∈ Σ a set of function symbols and α ∈ V.
Defined symbols are in lower case. Notice that application and abstraction of
patterns is explicit. A constructor is either Node or Leaf. A context is a list of
judgements x : T with x ∈ X and T ∈ T, with each variable appearing only once.

Intuitively, B(p) denotes the set of terms that reduce to some term that
matches the pattern p. For instance, any binary tree t is in the semantics of B(_),
only binary trees that reduce to Node t1 t2 for some binary trees t1 and
t2 are in B(node(_,_)), and only terms that never reduce to a constructor are in B(⊥).
Our operational semantics are defined by rewriting, which has the following
consequences, which may be surprising to a programming language theorist:

— It may be the case that a term t has several distinct normal forms. Indeed we
do not require our system to be orthogonal, or even confluent (we do require
it to be finitely branching though). Therefore a term is in the semantics of
B(node(_,_)) if all its reducts reduce to a term of the form Node t u.

— It is possible for a term to be stuck in the empty context, that is in normal 
form and not headed by a constructor or an abstraction. Therefore B(±) is 
not necessarily empty even in the empty context. 



We write FV(t) (resp. FV(T), FV(Γ)) for the set of free variables in a term
t (resp. a type T, a context Γ). If a term (resp. pattern) does not contain any
free variables, we say that it is closed. We write ∀ᾱ.T for ∀α1.∀α2...∀αn.T, and
arrows and application are associative to the left and right respectively, as usual.
A pattern variable α appears in B(p) if it appears in p. It appears positively in
a type T if:

— T = B(p) and α appears in p

— T = T1 → T2 and α appears positively in T2 or negatively in T1 (or both).

With α appearing negatively in T if T = T1 → T2 and α appears negatively
in T2 or positively in T1 (or both).

We consider a type assignment τ : Σ → T, such that for each f ∈ Σ, there is
a number k such that τ_f = ∀α1,...,αn.A1 → ... → Ak → T_f with

— n ≥ k

— ∀ 1 ≤ i ≤ k, αi appears positively in T_f.

In this case k is called the number of recursive arguments.

The positivity condition is quite similar to the one used in the usual formulation
of type-based termination, see for instance Abel [Abe06] for an in-depth
analysis. The typing rules are also similar to the ones for type-based termination.
The typing rules of our system are given in figure 1.



Γ, x:T, Δ ⊢ x : T   (var)

Γ, x:T ⊢ t : U
----------------------------- (t-lam)
Γ ⊢ λx:T.t : T → U

α ∉ FV(Γ)   Γ ⊢ t : T
----------------------------- (p-lam)
Γ ⊢ Λα.t : ∀α.T

Γ ⊢ Leaf : B(leaf)   (leaf-intro)

Γ ⊢ Node : ∀αβ.B(α) → B(β) → B(node(α,β))   (node-intro)

Γ ⊢ t : T → U   Γ ⊢ u : T
----------------------------- (t-app)
Γ ⊢ t u : U

Γ ⊢ t : ∀α.T
----------------------------- (p-app)
Γ ⊢ t p : T{α ↦ p}

Γ ⊢ f : τ_f   (symb)

Fig. 1. Typing Rules



To these rules we add the subtyping rule:

Γ ⊢ t : T   T ≤ U
----------------------------- (sub)
Γ ⊢ t : U

Where the subtyping relation is defined by an order on patterns:

- p ≤ _

- α ≤ α

- leaf ≤ leaf

- p1 ≤ q1 ∧ p2 ≤ q2 ⇒ node(p1, p2) ≤ node(q1, q2)

- ⊥ ≤ p

For all patterns p, p1, p2, q1, q2. This order is carried to types by:

- p ≤ q ⇒ B(p) ≤ B(q)

- T2 ≤ T1 ∧ U1 ≤ U2 ⇒ T1 → U1 ≤ T2 → U2

- T ≤ U ⇒ ∀α.T ≤ ∀α.U

This type system is quite similar to the refinement types described for mini-ML
by Freeman et al. [FP91], and is not very distant from generalized algebraic
datatypes as are implemented in certain Haskell compilers [JVWW06], though
subtyping is not present in that framework.

It may seem surprising that we choose to explicitly represent pattern abstraction
and application in our system. This choice is justified by the simplicity of
type inference with explicit parameters. In the author's opinion, implicit arguments
should be handled by the following schema: at the user level a language
without implicit parameters; these parameters are inferred by the compiler,
which type-checks a language with all parameters present. Then at run-time
they are once again erased. This is exactly analogous to a Hindley-Milner typed
language in which System F is used as an intermediate language [Mil78, JM97].
It is also our belief that explicit parameters will allow this criterion to be more
easily integrated into languages with pre-existing dependent types, e.g. Agda
[Nor07], Epigram [McK06] or Coq [Coq08].

A constructor term l ∈ L is a term built following the rules:

l1, l2 ∈ L := x | Leaf | Node l1 l2

with x ∈ X.

A rewrite rule is a pair of terms (l, r) which we write l → r, such that l is of the
form f p1 ... pn l1 ... lk with f ∈ Σ, pi ∈ P and li ∈ L, such that k is the number
of recursive arguments of f. We suppose that the free variables of r appear in l.

We suppose in addition that every function symbol g ∈ r is fully applied to
its pattern arguments, that is if τ_g = ∀α1...αl.T then for each occurrence of g in
r there are patterns p1, ..., pl such that g p1 ... pl appears at that position.

In the following we consider a finite set R of rewrite rules. The set R is
well-typed if for each rule l → r ∈ R, there is a context Γ and a type T such that

Γ ⊢_min l : T   and   Γ ⊢ r : T

with ⊢_min defined in figure 2.



Γ, x:B(α), Γ' ⊢_min x : B(α)   (var)

Γ ⊢_min Leaf : B(leaf)

Γ ⊢_min l1 : B(p1)   Γ ⊢_min l2 : B(p2)
-----------------------------------------------
Γ ⊢_min Node p1 p2 l1 l2 : B(node(p1, p2))

Γ ⊢_min l1 : B(p1)  ...  Γ ⊢_min lk : B(pk)
-----------------------------------------------
Γ ⊢_min f p1 ... pk pk+1 ... pl l1 ... lk : T_f θ

With τ_f = ∀α1...αl.A1 → ... → Ak → T_f and θ(αi) = pi for 1 ≤ i ≤ l.

Fig. 2. Minimal Typing Rules



Notice that if Γ ⊢_min l : T then T is unique. Minimal typing is present in
other work on size-based termination [BR09], in which it is called the pattern
condition. The purpose of minimal typing is to constrain the possible types of
constructor terms in left-hand sides.

We can then define the higher-order analogue of dependency pairs, which use 
type information instead of term information. 

Definition 1 Let ρ = f p̄ l̄ → r be a rule in R, with r such that Γ ⊢_min f p̄ l̄ : T,
and Γ ⊢ r : T. The set of type dependency pairs DP_T(ρ) is the set

{ f♯(p1, ..., pk) → g♯(q1, ..., ql) | ∀i, Γ ⊢_min li : B(pi) ∧ g q1 ... ql appears in r }

The set DP_T(R) is defined as the union of all DP_T(ρ), for ρ ∈ R, where we suppose
that all variables are disjoint between dependency pairs.

The set of higher-order dependency pairs defined above should already be
seen as an abstraction of the traditional dependency pair notion (for example
those defined in [AG00]). Indeed, due to subtyping, there may be some information
lost in the types, if for instance the wildcard pattern is used. As an example,
if f, g and h all have type ∀α.B(α) → B(_), consider the rule

f α x → g _ (h α x)

The dependency pair we obtain is

f♯(α) → g♯(_)

The information that g is called on the argument h x is lost.

This approach can therefore be seen as a type based manner to study an
approximation of the dependency graph. Note that in the case where h is given
a more precise type, like B(α) → B(leaf), which is the case if every normal form
of h t is either neutral or Leaf, we have a more precise approximation.

Note that, in addition, a dependency pair is not formally a (higher-order)
rewrite rule, though it may be seen as a first-order one.

Definition 2 Let p and q be patterns. We say that p and q are pattern-unifiable,
and write p ≍ q, if p' and q' are unifiable, where p' and q' are the patterns p
and q in which each occurrence of _ and each occurrence of a variable is replaced
by some fresh variable.

The standard typed dependency graph G_R is defined as the graph with

— As set of nodes the set DP_T(R).

— An edge between the dependency pairs t → g♯(p1, ..., pk) and h♯(q1, ..., ql) → u
if g = h, k = l and for every 1 ≤ i ≤ k, pi ≍ qi.

This definition gives us an adequate higher-order notion of standard approx- 
imated dependency graph. We will now show that it is possible to give an order 
on the terms in the dependency pairs, which is similar to a simplification order 
and which will allow us to show termination of well-typed terms under the rules, 
if the graph satisfies an intuitive decrease criterion. 

Definition 3 We define the embedding preorder on P written p > q by the
following rules

— pi ≥ q ⇒ node(p1, p2) > q for i = 1, 2

— p1 ≥ q1 ∧ p2 > q2 ⇒ node(p1, p2) > node(q1, q2)

— p1 > q1 ∧ p2 ≥ q2 ⇒ node(p1, p2) > node(q1, q2)

With ≥ as the reflexive closure of > and with the further condition that if p ≥ q,
then p and q may not contain any occurrence of _.

Non termination can intuitively be traced to cycles in the dependency graph.
We wish to consider termination on terms with erased pattern arguments and
type annotations.

3 Operational Semantics and the Main Theorem 

Rewriting needs to be performed over terms with erased pattern annotations. 
The problem with the naive definition of rewriting arises when trying to match 
on patterns. Take the rule 



f node(α,β) (Node x y) → Leaf

In the presence of this rule, we wish to have, for instance, the reduction

f _ (Node (g x) (h x)) → Leaf

However, there is no substitution θ such that node(α,β)θ = _. There are two
ways to deal with this. Either we take subtyping into account when performing
matching, or we do away with the pattern arguments when performing reduction.
We adopt the second solution, as it is used in practice when dealing with
languages with dependent type annotations (see for example McKinna [McK06]).
Symmetrically, we erase pattern abstractions as well. 

Definition 4 We define the set of erased terms Trm^er as:

t, u ∈ Trm^er := x | f | λx.t | t u | Leaf | Node

Where x ∈ X and f ∈ Σ.

Given a term t ∈ Trm, we define the erasure |t| ∈ Trm^er of t as:

|x| = x
|f| = f
|λx:T.t| = λx.|t|
|Λα.t| = |t|
|t u| = |t| |u|
|t p| = |t|
|Leaf| = Leaf
|Node| = Node


An erased term can intuitively be thought of as the compiled form of a well 
typed term. 

Definition 5 An erased term t head rewrites to a term u if there is some rule
l → r ∈ R and some substitution σ from X to terms in Trm^er such that

|l|σ = t ∧ |r|σ = u

We define β-reduction as

(λx.t) u →_β t[x ↦ u]

And we define the reduction → as the closure of head-rewriting and β-reduction
by term contexts. We then define →* and →+ as the reflexive transitive and
transitive closure of → respectively.

We can now express our termination criterion. We need to consider the
strongly connected components, or SCCs, of the typed dependency graph. A
strongly connected component of a graph G is a full subgraph such that each
node is reachable from all the others.



Theorem 6 Let G be the typed dependency graph for R and let G1, ..., Gn be
the SCCs of G. Suppose that for each Gi, there is a recursive index ι : Σ → N
which to f ∈ Σ associates an integer 1 ≤ ι_f ≤ k (with k the number of recursive
arguments of f).

Suppose that for each 1 ≤ i ≤ n and each rule f♯(p1, ..., pn) → g♯(q1, ..., qm)
in Gi we have p_{ι_f} ≥ q_{ι_g}. Finally suppose that for each cycle in Gi, there is some
rule f♯(p1, ..., pn) → g♯(q1, ..., qm) such that

then for every Γ, t, T such that Γ ⊢ t : T,

|t| ∈ SN_Rβ

The proof of this theorem can be found in the appendix. Let us give two 
examples of the application of this technique. 

Example 1 Take the rewrite system given by the signature: {app : ∀αβ.(B(α) →
B(β)) → B(α) → B(β), f : B(leaf), g : ∀α.B(α) → B(leaf)}. We give the rewrite
rules:

app → Λαβ.λx:B(α) → B(β).λy:B(α).x y
f → app node(leaf,leaf) leaf (g node(leaf,leaf)) (Node leaf leaf Leaf Leaf)
g node(α,β) (Node α β x y) → Leaf
g leaf Leaf → f

or, in more readable form with pattern arguments and type annotations omitted:

app → λx.λy.x y
f → app g (Node Leaf Leaf)
g (Node x y) → Leaf
g Leaf → f

It is possible to verify that the criterion can be applied and that in consequence,
according to theorem 6, all well-typed terms are strongly normalizing under R ∪ β.

Indeed, we may easily check that each of these rules is minimally typed in
some context. Furthermore, we can check that the dependency graph in figure 3
has no cycles.

One may object that if we inline the definition of app and perform β-reduction
on the right-hand sides of rules we obtain a rewrite system that can be treated
with more conventional methods, such as those performed by the AProVE tool
[GTSK05] (on terms without abstraction, and without β-reduction). However
this operation can be very costly if performed automatically and is, in its most
naive form, ineffective for even slightly more complex higher-order programs such
as map, which performs pattern matching and for which we need to instantiate.
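As an added illustration (not code from the paper), the following Python encodes the fully annotated rules of Example 1 as terms, checks that the erasure of Definition 4 yields exactly the readable form above, and runs the erased rewriting of Definition 5 together with β-reduction from f down to its normal form Leaf. Pattern arguments and type annotations are kept as plain strings because erasure discards them, and the substitution assumes that substituted terms are closed, which holds for this example.

```python
"""Erasure (Definition 4) and reduction of erased terms (Definition 5), run on
Example 1.  Added illustration, not the paper's code.  Terms are tuples:
('var', x), ('sym', f), ('app', t, u), ('papp', t, p), ('lam', x, T, t), ('plam', a, t);
patterns and type annotations are plain strings, since erasure discards them."""

def var(x): return ('var', x)
def sym(f): return ('sym', f)

def app(t, *us):                       # left-associative term application
    for u in us:
        t = ('app', t, u)
    return t

def papp(t, *ps):                      # explicit pattern application t p1 ... pn
    for p in ps:
        t = ('papp', t, p)
    return t

LEAF, NODE = sym('Leaf'), sym('Node')

def erase(t):
    """|t|: drop pattern applications, pattern abstractions and type annotations."""
    k = t[0]
    if k in ('var', 'sym'):
        return t
    if k == 'app':                     # |t u| = |t| |u|
        return ('app', erase(t[1]), erase(t[2]))
    if k == 'papp':                    # |t p| = |t|
        return erase(t[1])
    if k == 'lam':                     # |λx:T.t| = λx.|t|
        return ('lam', t[1], erase(t[3]))
    if k == 'plam':                    # |Λα.t| = |t|
        return erase(t[2])
    raise ValueError(k)

def match(l, t, sigma):
    """Syntactic matching of an erased left-hand side l against t, extending sigma."""
    if l[0] == 'var':
        return sigma.setdefault(l[1], t) == t
    if l[0] == 'sym':
        return l == t
    return l[0] == 'app' and t[0] == 'app' and \
        match(l[1], t[1], sigma) and match(l[2], t[2], sigma)

def subst(t, sigma):
    """t[x ↦ sigma(x)]; assumes the substituted terms are closed (true below)."""
    k = t[0]
    if k == 'var':
        return sigma.get(t[1], t)
    if k == 'app':
        return ('app', subst(t[1], sigma), subst(t[2], sigma))
    if k == 'lam':
        inner = {x: u for x, u in sigma.items() if x != t[1]}
        return ('lam', t[1], subst(t[2], inner))
    return t

def step(t, rules):
    """One leftmost-outermost step of R ∪ β on an erased term; None if t is normal."""
    for l, r in rules:                 # head rewriting: |l|σ = t  ⟹  t → |r|σ
        sigma = {}
        if match(l, t, sigma):
            return subst(r, sigma)
    if t[0] == 'app':
        if t[1][0] == 'lam':           # (λx.t) u →β t[x ↦ u]
            return subst(t[1][2], {t[1][1]: t[2]})
        for i in (1, 2):               # closure by term contexts
            u = step(t[i], rules)
            if u is not None:
                return ('app', u, t[2]) if i == 1 else ('app', t[1], u)
    if t[0] == 'lam':
        u = step(t[2], rules)
        return None if u is None else ('lam', t[1], u)
    return None

def reduce_fully(t, rules, fuel=50):
    """The reduction sequence from t to a normal form (fuel guards divergence)."""
    trace = [t]
    while fuel > 0 and (u := step(trace[-1], rules)) is not None:
        trace.append(u)
        fuel -= 1
    return trace

# Example 1 with its full annotations; pattern arguments are written as strings.
x, y, f, g, a = var('x'), var('y'), sym('f'), sym('g'), sym('app')
ANNOTATED = [
    (a, ('plam', 'α', ('plam', 'β',
         ('lam', 'x', 'B(α)→B(β)', ('lam', 'y', 'B(α)', app(x, y)))))),
    (f, app(papp(a, 'node(leaf,leaf)', 'leaf'), papp(g, 'node(leaf,leaf)'),
            app(papp(NODE, 'leaf', 'leaf'), LEAF, LEAF))),
    (app(papp(g, 'node(α,β)'), app(papp(NODE, 'α', 'β'), x, y)), LEAF),
    (app(papp(g, 'leaf'), LEAF), f),
]
ERASED = [(erase(l), erase(r)) for l, r in ANNOTATED]

# The "more readable form" of the paper, built directly; erasure must reproduce it.
READABLE = [
    (a, ('lam', 'x', ('lam', 'y', app(x, y)))),
    (f, app(a, g, app(NODE, LEAF, LEAF))),
    (app(g, app(NODE, x, y)), LEAF),
    (app(g, LEAF), f),
]
```

`reduce_fully(f, ERASED)` yields the six-term sequence f, app g (Node Leaf Leaf), (λx.λy.x y) g (Node Leaf Leaf), (λy.g y) (Node Leaf Leaf), g (Node Leaf Leaf), Leaf.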




Fig. 3. Dependency graph of example 1

By resorting to typing, we allow termination to be proven using only "local" 
considerations, as the information encoding the semantics of app is contained in 
its type. 

However it becomes necessary, if one desires a fully automated termination
check on an unannotated system, to somehow infer the type of defined constants,
and possibly perform an analysis quite similar in effect to the one proposed above.
We believe that to this end one may apply known type inference technology, such
as the one described in [CK01], to compute these annotated types. In conclusion,
what used to be a termination problem becomes a type inference problem,
and may benefit from the knowledge and techniques of this new community, as
well as facilitate integration of these techniques into type-theoretic based proof
assistants like Coq [Coq08].

Let us examine a second, slightly more complex example, in which there is 
"real" recursion. 



Example 2 Let R be the rewrite system defined by

f (Node x y) → g (i (Node x y))
g (Node x y) → f (i x)
g Leaf → f (h Leaf)
i (Node x y) → Node (i x) (i y)
i Leaf → Leaf
h (Node x y) → h x

Again with the type arguments omitted, and with types f, g : ∀α.B(α) → B(_),
h : ∀α.B(α) → B(⊥) and i : ∀α.B(α) → B(α). Every equation can be typed in the
context Γ = x : B(α), y : B(β). The system with full type annotations is given in
the appendix.

The dependency graph is given in figure 4 and has as SCCs the full subgraphs
of G_R with nodes {i♯(node(α,β)) → i♯(α), i♯(node(α,β)) → i♯(β)}, {f♯(node(α,β)) →
g♯(node(α,β)), g♯(node(α,β)) → f♯(α)} and {h♯(node(α,β)) → h♯(α)} respectively.



Taking ι_s = 1 for every SCC and every symbol s ∈ Σ, it is easy to show that
every SCC respects the decrease criterion on cycles. For example, in the cycle

f♯(node(α,β)) → g♯(node(α,β))   ⇒   g♯(node(α,β)) → f♯(α)

we have node(α,β) ≥ node(α,β) and node(α,β) > α, so the cycle is weakly decreasing
with at least one strict decrease.

We may then again apply the correctness theorem to conclude that the erasures
of all well-typed terms are strongly normalizing with respect to R ∪ β.




Fig. 4. The dependency graph for example 2

Note that the minimality condition is important: otherwise one could take
f : ∀αβ.B(α) → B(β) → B(_) with the rule

f node(leaf,leaf) leaf x y → f leaf leaf y y

This rule can be typed in the context x : B(node(leaf,leaf)), y : B(leaf), but not
minimally typed, and passes the termination criterion: the dependency graph is
without cycles, as node(leaf,leaf) does not unify with leaf. However, this system
leads to the non terminating reduction f Leaf Leaf → f Leaf Leaf.
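To make the typed dependency graph (Definition 2), the embedding preorder (Definition 3) and the cycle check of Theorem 6 concrete, here is an added Python illustration (not the paper's code) run over the dependency pairs of Example 2 and over the non-minimal rule just discussed. It reads the cycle condition the way the Example 2 discussion does, namely every pair in an SCC is weakly decreasing and every cycle contains a strictly decreasing pair (equivalently, the non-strict pairs of the SCC form an acyclic subgraph), and takes ι = 1 for every symbol.

```python
"""Typed dependency graph, embedding preorder and cycle criterion (added example,
not the paper's code).  Patterns: 'leaf', 'bot' (⊥), 'wild' (_), ('var', a),
('node', p, q).  A pair f♯(p1..pk) → g♯(q1..ql) is the tuple (f, [p..], g, [q..])."""

LEAF, BOT, WILD = 'leaf', 'bot', 'wild'

def V(name): return ('var', name)
def node(p, q): return ('node', p, q)
def is_var(p): return isinstance(p, tuple) and p[0] == 'var'
def is_node(p): return isinstance(p, tuple) and p[0] == 'node'

def has_wild(p):
    return p == WILD or (is_node(p) and (has_wild(p[1]) or has_wild(p[2])))

def unifiable(p, q):
    """Definition 2 (p ≍ q): every variable and every _ is first replaced by a fresh,
    distinct variable, so unification is a purely structural compatibility check."""
    if p == WILD or q == WILD or is_var(p) or is_var(q):
        return True
    if is_node(p) and is_node(q):
        return unifiable(p[1], q[1]) and unifiable(p[2], q[2])
    return p == q                      # leaf and ⊥ only unify with themselves

def gt(p, q):
    """Definition 3, strict embedding p > q (never holds when _ occurs)."""
    if has_wild(p) or has_wild(q) or not is_node(p):
        return False
    p1, p2 = p[1], p[2]
    if ge(p1, q) or ge(p2, q):         # p_i ≥ q ⇒ node(p1,p2) > q
        return True
    if is_node(q):                     # one component strict, the other weak
        q1, q2 = q[1], q[2]
        return (ge(p1, q1) and gt(p2, q2)) or (gt(p1, q1) and ge(p2, q2))
    return False

def ge(p, q):
    """Reflexive closure of >; false whenever a _ occurs in p or q."""
    return not has_wild(p) and not has_wild(q) and (p == q or gt(p, q))

def dependency_graph(dps):
    """Edges of the standard typed dependency graph, as pairs of DP indices."""
    return [(i, j) for i, (_, _, g, qs) in enumerate(dps)
                   for j, (h, ps, _, _) in enumerate(dps)
                   if g == h and len(qs) == len(ps)
                   and all(unifiable(q, p) for q, p in zip(qs, ps))]

def reach(n, edges):
    """r[i][j] holds iff there is a path of length >= 1 from i to j."""
    r = [[False] * n for _ in range(n)]
    for i, j in edges:
        r[i][j] = True
    for k in range(n):
        for i in range(n):
            for j in range(n):
                if r[i][k] and r[k][j]:
                    r[i][j] = True
    return r

def sccs(n, edges):
    """The SCCs containing at least one cycle (the only ones Theorem 6 constrains)."""
    r, seen, out = reach(n, edges), set(), []
    for i in range(n):
        if r[i][i] and i not in seen:
            comp = [j for j in range(n) if r[i][j] and r[j][i]]
            seen.update(comp)
            out.append(comp)
    return out

def satisfies_criterion(dps, index):
    """Every pair of an SCC is weakly decreasing on its recursive index, and the
    non-strict pairs of the SCC form an acyclic subgraph (so each cycle has a strict one)."""
    edges = dependency_graph(dps)
    for comp in sccs(len(dps), edges):
        strict = set()
        for i in comp:
            f, ps, g, qs = dps[i]
            p, q = ps[index[f]], qs[index[g]]
            if not ge(p, q):
                return False
            if gt(p, q):
                strict.add(i)
        weak = {i: k for k, i in enumerate(c for c in comp if c not in strict)}
        sub = [(weak[i], weak[j]) for i, j in edges if i in weak and j in weak]
        r = reach(len(weak), sub)
        if any(r[k][k] for k in range(len(weak))):
            return False               # a cycle made only of non-strict pairs
    return True

# Dependency pairs of Example 2 (read off the fully annotated system of Appendix A).
a, b = V('α'), V('β')
EXAMPLE2 = [
    ('f', [node(a, b)], 'g', [node(a, b)]),   # f (Node x y) → g (i (Node x y))
    ('f', [node(a, b)], 'i', [node(a, b)]),
    ('g', [node(a, b)], 'f', [a]),            # g (Node x y) → f (i x)
    ('g', [node(a, b)], 'i', [a]),
    ('g', [LEAF], 'f', [BOT]),                # g Leaf → f (h Leaf)
    ('g', [LEAF], 'h', [LEAF]),
    ('i', [node(a, b)], 'i', [a]),            # i (Node x y) → Node (i x) (i y)
    ('i', [node(a, b)], 'i', [b]),
    ('h', [node(a, b)], 'h', [a]),            # h (Node x y) → h x
]
INDEX = {s: 0 for s in 'fghi'}                # ι_s = 1 for every symbol (0-based here)

# The non-minimally typed rule f node(leaf,leaf) leaf x y → f leaf leaf y y.
NON_MINIMAL = [('f', [node(LEAF, LEAF), LEAF], 'f', [LEAF, LEAF])]
```

`sccs(len(EXAMPLE2), dependency_graph(EXAMPLE2))` recovers the three SCCs of the text as index sets [[0, 2], [6, 7], [8]], `satisfies_criterion(EXAMPLE2, INDEX)` holds, and the non-minimal rule gives a graph without cycles, so it passes vacuously.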

4 Comparison, future work 

Several extensions of dependency pairs to different forms of higher-order rewriting
have been proposed [KISB09, Bla06, GTSK05, SK05, AY05]. However, these
frameworks do not handle the presence of bound variables, for which the usual
approach is to defunctionalize (also called lambda-lifting) [DN01, Joh85].

In particular, all the techniques cited above, when applied to example 1
where we replace the rule app → λx.λy.x y with the rule app x y → x y (which
does not involve bound variables), generate a dependency graph with cycles. For
example, in Sakai & Kusakari [SK05], using the SN framework the dependency
graph is:

f[] → g[]   f[] → app[g, Node[Leaf, Leaf]]   g[Leaf] → f[]




It is of course possible to prove that there are no infinite chains for this 
problem (the criterion is complete), but we have not much progressed from the 
initial formulation! 

Using the SC-framework from the same paper, which is based on computability
(as is our framework), we obtain the following graph:

f[] → g[z]   f[] → app[g, Node[Leaf, Leaf]]   g[Leaf] → f[]




However it is not possible to prove that there are no infinite chains for this 
problem, as there is one! Therefore the criterion presented in this paper allows 
a finer analysis of the possible calls. 

The termination checking software AProVE [GTSK05] succeeds in proving
termination of example 1 by using an analysis involving instance computation
and symbolic reduction. As noted previously, it seems that such an analysis
may be used to infer the type annotations required in our framework. At the
moment it is unclear how the typing approach compares to these techniques.
More investigation is clearly needed in this direction.

AProVE can also easily prove termination of the second rewrite system (example 2).
However semantic information needs to be inferred (for example a
polynomial interpretation needs to be given) when trying to well-order the cycle

f (Node x y) → g (i (Node x y))   ⇒   g (Node x y) → f (i x)

This information is already supplied by our type system (through the fact that
i is of type ∀α.B(α) → B(α)), and therefore it suffices to consider only syntactic
information on the approximated dependency graph. The subterm criterion by
Aoto and Yamada [AY05] is insufficient to treat this example.

The framework described here is only the first step towards a satisfactory 
higher-order dependency pair framework using refinement types. We intuitively 
consider a "type level" first-order rewrite system, use standard techniques to show 
that that system is terminating, and show that this implies termination of the 
object level system. More work is required to obtain a satisfactory "dependency 
pairs by typing" framework. 

Our work seems quite orthogonal to the size-change principle [LJBA01], which
suggests we could apply this principle to treat cycles in the typed dependency 
graph, as a more powerful criterion than simple decrease on one indexed argu- 
ment. 

It is clear that the definitions and proofs in the current work extend to other 
first-order inductive types like lists, Peano natural numbers, etc. We conjecture 
that this framework can be extended to more general positive inductive types, 
like the type of Brouwer ordinals [BJO02]. These kinds of inductive types seem
to be difficult to treat with other (non type-based) methods. 

For now types have to be explicitly given by the user, and it would be in- 
teresting to investigate inference of annotations. Notice that trivial annotations 
(return type always B(_)) can very easily be inferred automatically. Some work
on automatic inference of type-level annotations has been carried out by Chin et
al. [CK01] which may provide inspiration. On the other hand, we believe that
the inference of the explicit type information in the terms is quite feasible with
current state-of-the-art methods, for example those used for inferring the type
of functional programs using GADTs [JVWW06].

We believe that refinement types are simply an alternative way of presenting 
the dependency pair method for higher-order rewrite systems. It is the occasion 
to draw a parallel between the types community and the rewriting community, 
by emphasizing that techniques used for the inference of dependent type anno- 
tations (for example work on liquid types [RKJ08]), may in fact be used to infer
information necessary for proving termination and (we believe) vice-versa. It may
also be interesting in the case of a programming language for the user to supply
the types as documentation, in what some call "type directed programming".

We only consider matching on non-defined symbols, though an extension to 
a framework with matching on defined symbols seems feasible if we add some 
conversion rule to our type system. 
A The full system of example 2



Every rule is typed in the context x : B(α), y : B(β), and we remind that the types
of defined functions are:

f, g : ∀α.B(α) → B(_)   h : ∀α.B(α) → B(⊥)   i : ∀α.B(α) → B(α)

The rewrite system with all type annotations is then

f node(α,β) (Node α β x y) → g node(α,β) (i node(α,β) (Node α β x y))
g node(α,β) (Node α β x y) → f α (i α x)
g leaf Leaf → f ⊥ (h leaf Leaf)
i node(α,β) (Node α β x y) → Node α β (i α x) (i β y)
i leaf Leaf → Leaf
h node(α,β) (Node α β x y) → h α x



B Proof of theorem 6



The proof uses computability predicates (or candidates). As mentioned before,
the absence of control, and particularly the lack of orthogonality makes giving
accurate semantics somewhat difficult. We draw inspiration from the termination
semantics of Berger [Ber05], which uses sets of values to denote terms. As
is standard in computability proofs, each type will be interpreted as a set of
strongly normalizing (erased) terms. Suppose a term t reduces to the normal
forms Leaf and Node Leaf Leaf. In that case t is in the candidate that contains
all terms that reduce to Leaf or Node Leaf Leaf, or are hereditarily neutral. If t is
the erasure of a term of type B(α) for some pattern variable α, the interpretation
[[B(α)]] must depend on some valuation of the free variable α. If we valuate α by
some closed pattern p and interpret [[B(α)]] by the set of terms whose normal
forms are neutral or match p, then the only possible choice for p is _. Clearly
this does not give us the most precise possible semantics for t, as it also includes
terms such as u = Node (Node x y) Leaf. However we need precise semantics
if we are to capture the information needed for the dependency analysis: if we
take the constructor term l = Node Leaf x, then a reduct of t does match l,
but this can never happen for u. To give sufficiently precise semantics to terms,
we therefore need to interpret pattern variables with sets of closed patterns. In
this case we will interpret α by the set {leaf, node(leaf, leaf)} to capture the most
precise semantics possible for t.

We define the interpretation of types, and prove that they satisfy the Girard 
conditions. We then show that correctness of the defined function symbols implies 
correctness of the semantics. 



Definition 7 A value is a term v ∈ Trm^er of the form:

— λx.t

— Node t u

— Leaf

For any t ∈ Trm^er we say v is a value of t if t →* v and v is a value.

A term is neutral if it is not a value, and is hereditarily neutral if it has no
values.



Definition 8 Let P_c be the set of closed patterns, and NF be the set of Rβ-normal
forms in Trm^er. The term matching relation ⊲ ⊆ NF × P_c is defined in
the following way:

- v ⊲ _

- v ⊲ p if v is neutral.

- v ⊲ node(p, q) if v = Node v1 v2 with v1 ⊲ p and v2 ⊲ q.

- v ⊲ leaf if v = Leaf.

A pattern valuation, or valuation if the context is clear, is a partial function
with finite support from pattern variables V to non-empty sets of closed patterns.
If p is a pattern, θ is a pattern valuation and FV(p) ⊆ dom(θ) then pθ is the set
defined inductively by:

- αθ = θ(α)

- leafθ = {leaf}

- ⊥θ = {⊥}

- node(p1, p2)θ = {node(q1, q2) | q1 ∈ p1θ ∧ q2 ∈ p2θ}

We may write pθ = {p | α1 ← θ(α1), ..., αn ← θ(αn)}, using inspiration from list
comprehension notation (as in Berger [Ber05]). If α ∉ dom(θ) and P is a non-empty
set of closed patterns, we write θ_α^P for the valuation that sends β ∈ dom(θ)
to θ(β) and α to P. Notice that pθ is a set of closed patterns.

Finally if θ is a valuation and t is a term in SN, we write t ⊲ pθ if for every
normal form v of t:

∃q ∈ pθ, v ⊲ q



The type interpretation [[_]]_ is a function that to each T ∈ T and each
valuation θ such that FV(T) ⊆ dom(θ) associates a set [[T]]_θ ⊆ SN_Rβ. We define
it by induction on the structure of T:

- [[B(p)]]_θ = {t ∈ S | t ⊲ pθ}

- [[∀α.T]]_θ = {t ∈ SN | ∀P, t ∈ [[T]]_{θ_α^P}}

Where S is the smallest set that verifies:

S = {t ∈ SN | ∀v a value of t, v = Leaf ∨ v = Node t1 t2 ∧ t1, t2 ∈ S}



The next step in the reducibility proof is to verify that the interpretations
of types verify the Girard conditions: A subset X ⊆ Trm^er satisfies the Girard
conditions if

1. strong normalization: X ⊆ SN

2. stability by reduction: for every term t ∈ X, if u is such that t → u, then u ∈ X.

3. "sheaf condition": if t is neutral, and for every term u such that t → u, u ∈ X,
then t ∈ X.

These embody the exact combinatorial properties required to carry through
the inductive proof of correctness, namely that every well-typed term is in the
interpretation of its type.

Lemma 9 If T ∈ T is a type, then for every valuation θ,
[[T]]_θ satisfies the Girard conditions.

Proof. We proceed by induction on the structure of T.

- T = B(p)

• Strong normalization: by definition of S.

• Stability by reduction. Suppose that t ∈ [[B(p)]]_θ. If t →* u, then the set of
normal forms of u is contained in the set of normal forms of t.

• Sheaf condition. Suppose that t is neutral and that each one step reduct of
t is in [[B(p)]]_θ. Now either t is in normal form, and then t ⊲ pθ (as it is
non empty), or for every one step reduct u of t, u ⊲ pθ. But in this case
every normal form of t is the normal form of some u with t → u, and thus t ⊲ pθ.

- T = T1 → T2

• Strong normalization: by definition.

• Stability by reduction. Simple application of the induction hypothesis.

• Sheaf condition: Let t be neutral and suppose that t' ∈ [[T → U]]_θ for every
t' a reduct of t. Let u be an arbitrary element of [[T]]_θ. Then t' u' ∈ [[U]]_θ
for every reduct u' of u, by definition of the interpretation and stability
by reduction. By induction hypothesis, this implies that t u ∈ [[U]]_θ as it is
again a neutral term. As u was chosen arbitrarily, then t is in [[T → U]]_θ.

- T = ∀α.U

• Strong normalization: by definition.

• Stability by reduction: Let t ∈ [[∀α.U]]_θ. We have for every set P of closed
patterns, t ∈ [[U]]_{θ_α^P}. By induction, every reduct u of t is also in [[U]]_{θ_α^P}. As P
was chosen arbitrarily, u is also in [[∀α.U]]_θ.

• Sheaf condition. Let t be neutral and suppose that one step reducts of t are
in [[∀α.U]]_θ. Take an arbitrary P. Every reduct of t is in [[U]]_{θ_α^P}. By induction
hypothesis, t is in [[U]]_{θ_α^P}, from which we may conclude.

∎

Now we give the conditional correctness theorem, which states that if the 
function symbols belong to the interpretation of their types, then so does every 
well-typed term. 



Definition 10 Let $\theta$ be a pattern valuation, $\sigma$ a substitution from term variables
to erased terms, and $\Gamma$ a context. We say that $(\theta, \sigma)$ validates $\Gamma$, and we write
$\sigma \models_\theta \Gamma$, if the set of free pattern variables in $\Gamma$ is contained in $\mathrm{dom}(\theta)$, and if for
every $x \in \mathrm{dom}(\Gamma)$

$$\sigma(x) \in [\![\Gamma(x)]\!]_\theta$$

Likewise, we write $\sigma \models_\theta t : T$ if $\mathcal{FV}(t) \subseteq \mathrm{dom}(\sigma)$, $\mathcal{PV}(T) \subseteq \mathrm{dom}(\theta)$ and
$|t|\sigma \in [\![T]\!]_\theta$.

Theorem 11 Suppose that for each $f \in \Sigma$ and each valuation $\theta$,

$$f \in [\![\tau_f]\!]_\theta$$

then for every context $\Gamma$, term $t$ and type $T$, if $\Gamma \vdash t : T$ then

$$\forall(\theta, \sigma),\ \sigma \models_\theta \Gamma \Rightarrow \sigma \models_\theta t : T$$
We need the classic substitution lemma for types: 

Lemma 12 For every patterns $q, p$ and valuation $\theta$, if $\alpha$ is not in the domain of
$\theta$, then

$$p\{\alpha \mapsto q\}\theta = p\theta^{q\theta}_\alpha$$

Proof. We proceed by induction on the structure of $p$:

- $p = \alpha$: trivial.

- $p = \beta \neq \alpha$: We have $p\{\alpha \mapsto q\} = \beta$ and therefore $p\{\alpha \mapsto q\}\theta = \theta(\beta) = \theta^{q\theta}_\alpha(\beta)$.

- $p = \mathrm{leaf}, \_, \bot$: trivial.

- $p = \mathrm{node}(p_1, p_2)$: We have $p\{\alpha \mapsto q\}\theta = \mathrm{node}(p_1\{\alpha \mapsto q\}, p_2\{\alpha \mapsto q\})\theta$. But this
last term is equal to

$$\{\mathrm{node}(q_1, q_2) \mid q_i \in p_i\{\alpha \mapsto q\}\theta,\ i = 1, 2\}$$

which by induction is equal to

$$\{\mathrm{node}(q_1, q_2) \mid q_i \in p_i\theta^{q\theta}_\alpha,\ i = 1, 2\}$$

which allows us to conclude.



Lemma 13 (substitution lemma)

Let $T$ be a type and $\theta$ a pattern valuation. If $\alpha$ does not appear in the domain
of $\theta$ then:

$$[\![T\{\alpha \mapsto p\}]\!]_\theta = [\![T]\!]_{\theta^{p\theta}_\alpha}$$

Proof. We proceed by induction on the type.

Atomic case:

$$[\![B(q)\{\alpha \mapsto p\}]\!]_\theta = \{t \in \mathrm{SN} \mid t \ll_\downarrow q\{\alpha \mapsto p\}\theta\}$$

But by lemma 12, $q\{\alpha \mapsto p\}\theta = q\theta^{p\theta}_\alpha$, from which we can conclude.

Arrow case: straightforward from the induction hypothesis.

Case $\forall\beta.T$. We may suppose by Barendregt's convention that $\beta$ is distinct from
$\alpha$, not in the domain of $\theta$ and distinct from all variables in $p$. We then have:

$$[\![(\forall\beta.T)\{\alpha \mapsto p\}]\!]_\theta = \{t \in \mathrm{SN} \mid \forall Q,\ t \in [\![T\{\alpha \mapsto p\}]\!]_{\theta^Q_\beta}\}$$

Let $\theta' = \theta^Q_\beta$. We may apply the induction hypothesis, which gives:

$$[\![T\{\alpha \mapsto p\}]\!]_{\theta'} = [\![T]\!]_{\theta'^{p\theta'}_\alpha}$$

And as $\beta$ does not appear in $p$:

$$p\theta' = p\theta$$

But we have:

$$\theta'^{p\theta}_\alpha = (\theta^{p\theta}_\alpha)^Q_\beta$$

which concludes the argument.

■ 

We may easily generalize this result to:

Corollary 14 Let $T$ be a type. If $\phi$ is a substitution, and $\theta$ is a valuation such
that the variables of $T$ do not appear in the domain of $\theta$, then:

$$[\![T\phi]\!]_\theta = [\![T]\!]_{\theta \circ \phi}$$

where $\theta \circ \phi$ is the valuation defined by $\theta \circ \phi(\alpha) = \phi(\alpha)\theta$.

Another useful lemma states that type interpretations only depend on the
value of the pattern valuations on the free variables of the type.

Lemma 15 Let $T$ be some type and $\theta, \theta'$ be two closed pattern valuations.
If $\theta(\alpha) = \theta'(\alpha)$ for every $\alpha \in \mathcal{PV}(T)$, then $[\![T]\!]_\theta = [\![T]\!]_{\theta'}$.

Proof. Straightforward induction on $T$.

The next lemmas show correctness of the interpretation with respect to
subtyping.

Definition 16 Let $P$ and $Q$ be sets of closed patterns. We write $P \ll Q$ if for
each $p \in P$, there is a $q \in Q$ such that $p \ll q$.



Lemma 17 Let $\theta$ be a pattern valuation. If $p \ll q$, then $p\theta \ll q\theta$.

Proof. Induction on the derivation of $p \ll q$. The only interesting case
is $\mathrm{node}(p_1, p_2) \ll \mathrm{node}(q_1, q_2)$ with $p_i \ll q_i$ for $i = 1, 2$. In that case, if $r \in
\mathrm{node}(p_1, p_2)\theta$, we have $r = \mathrm{node}(r_1, r_2)$ with $r_i \in p_i\theta$ for $i = 1, 2$. By induction
hypothesis, there are $r'_1 \in q_1\theta$ and $r'_2 \in q_2\theta$ such that $r_i \ll r'_i$ for each $i$. Then we
take $\mathrm{node}(r'_1, r'_2) \in \mathrm{node}(q_1, q_2)\theta$ to conclude.

■ 

Lemma 18 Suppose $T \leq U$. Then for all $\theta$, $[\![T]\!]_\theta \subseteq [\![U]\!]_\theta$.

Proof. We proceed by induction on all the possible cases for the judgement
$T \leq U$.

- $p \ll q$: We first show that for all terms $t$, and all non-empty sets of closed
patterns $P$ and $Q$, if $P \ll Q$, then $t \ll_\downarrow P \Rightarrow t \ll_\downarrow Q$. This follows from the
following fact: if $v$ is in normal form and $r \ll r'$ then

$$v \ll_\downarrow r \Rightarrow v \ll_\downarrow r'$$

To show this we proceed by induction on the $\ll$ judgement. The first three
cases are easy. In the fourth case, $v \ll_\downarrow \mathrm{node}(r_1, r_2)$, which by definition implies
that $v = \mathrm{Node}\ v_1\ v_2$, with $v_1 \ll_\downarrow r_1$ and $v_2 \ll_\downarrow r_2$. We can then conclude by
the induction hypothesis.

Now using lemma 17 we have, if $p \ll q$, $t \ll_\downarrow p\theta \Rightarrow t \ll_\downarrow q\theta$.

Now let $t \in [\![B(p)]\!]_\theta$; we have by definition $t \ll_\downarrow p\theta$ and by the previous
remark, $t \ll_\downarrow q\theta$, which implies $t \in [\![B(q)]\!]_\theta$.

- Suppose $T_2 \leq T_1$ and $U_1 \leq U_2$. Let $t$ be in $[\![T_1 \to U_1]\!]_\theta$; we show that it is
in $[\![T_2 \to U_2]\!]_\theta$. Let $u$ be in $[\![T_2]\!]_\theta$. By the induction hypothesis, $u \in [\![T_1]\!]_\theta$,
therefore (by definition of $[\![T_1 \to U_1]\!]_\theta$), $t\,u$ is in $[\![U_1]\!]_\theta$, which by another
application of the induction hypothesis is included in $[\![U_2]\!]_\theta$. From this we
can conclude that $t$ is in $[\![T_2 \to U_2]\!]_\theta$.

- Let $t$ be a term in $[\![\forall\alpha.T]\!]_\theta$ and $P$ be some arbitrary set of closed patterns,
and suppose that $\alpha$ is a variable not appearing in the domain of $\theta$. We then
have $t \in [\![T]\!]_{\theta^P_\alpha}$. Since $\forall\alpha.T \leq \forall\alpha.U$, we have $T \leq U$. The induction hypothesis gives
$[\![T]\!]_{\theta'} \subseteq [\![U]\!]_{\theta'}$ for all valuations $\theta'$. Take $\theta'$ to be $\theta^P_\alpha$. We have
$[\![T]\!]_{\theta^P_\alpha} \subseteq [\![U]\!]_{\theta^P_\alpha}$. From this we can deduce $t \in [\![U]\!]_{\theta^P_\alpha}$ and conclude.

■ 

We shall also need the fact that given $T$ and a valuation $\theta$, then $[\![T]\!]_\theta$ is
included in $[\![T]\!]_{\theta'}$ if $\theta'$ is a weakening of $\theta$ on the variables in positive position in
$T$.

Lemma 19 Let $T$ be a type and $\theta, \theta'$ two pattern valuations. If $\theta(\alpha) \ll \theta'(\alpha)$ for
every free variable $\alpha \in T$ in a positive position, and $\theta(\beta) = \theta'(\beta)$ for every other
variable, then

$$[\![T]\!]_\theta \subseteq [\![T]\!]_{\theta'}$$

Conversely if $\theta(\alpha) \ll \theta'(\alpha)$ for every free variable $\alpha$ in a negative position, then

$$[\![T]\!]_{\theta'} \subseteq [\![T]\!]_\theta$$

Proof. First notice that if $p$ is a pattern, then $p\theta \ll p\theta'$, by a simple induction
on $p$. We prove both propositions simultaneously by induction on $T$:

- $T = B(p)$. All variables of $p$ appear positively in $T$. Then by the above remark,
$p\theta \ll p\theta'$, and therefore $[\![B(p)]\!]_\theta \subseteq [\![B(p)]\!]_{\theta'}$.

- $T = T_1 \to T_2$. We treat the positive case. We have by induction hypothesis
$[\![T_1]\!]_{\theta'} \subseteq [\![T_1]\!]_\theta$, as all variables of $T_1$ that appear positively in $T$ appear
negatively in $T_1$, and $[\![T_2]\!]_\theta \subseteq [\![T_2]\!]_{\theta'}$. Therefore, by definition of $[\![T_1 \to T_2]\!]_\theta$, we
have:

$$[\![T_1 \to T_2]\!]_\theta \subseteq [\![T_1 \to T_2]\!]_{\theta'}$$

The negative case is treated in the same fashion.

- $T = \forall\alpha.U$: straightforward induction.



We can now prove the correctness of the interpretation relative to that of the
function symbols (theorem 11).

Proof. We proceed by induction on the typing derivation.

- ax: by definition of $\sigma \models_\theta \Gamma$.

- t-lam: By induction hypothesis, for all $\sigma', \theta'$ such that $\sigma' \models_{\theta'} \Gamma, x : T$, $t\sigma'$ is in
$[\![U]\!]_{\theta'}$. By definition of $[\![T \to U]\!]_\theta$, we need to show that for any $u \in [\![T]\!]_\theta$,
$(\lambda x : T.t)\sigma\,u$ is in $[\![U]\!]_\theta$. Now as this term is neutral, it suffices to show that
every reduct is in $[\![U]\!]_\theta$. We proceed by well-founded induction on the reducts
of $t$ and $u$. Thus if $(\lambda x : T.t)\sigma\,u \to (\lambda x : T.t')\sigma\,u'$ with $t \to t'$ or $u \to u'$, then we
may conclude by the well-founded induction hypothesis. The remaining case is
$(\lambda x : T.t)\sigma\,u \to t\sigma\{x \mapsto u\}$. To show that this is in $[\![U]\!]_\theta$, we apply the main
induction hypothesis with $\sigma' = \sigma^u_x$ and $\theta' = \theta$.

It can be argued that this argument is the fundamental combinatory explanation
for normalization of $\beta$-reduction.

- p-lam: by induction hypothesis, for all $\sigma', \theta'$ such that $\sigma' \models_{\theta'} \Gamma$, $|t|\sigma'$ is in
$[\![T]\!]_{\theta'}$. Let $\sigma, \theta$ be some such valuations and $P$ be a set of closed patterns. As
$|\lambda\alpha.t|\sigma = |t|\sigma$, we need to show that $|t|\sigma \in [\![T]\!]_{\theta^P_\alpha}$.

Observe that if $\alpha$ does not appear in $\Gamma$, then $\sigma \models_\theta \Gamma$ implies $\sigma \models_{\theta^P_\alpha} \Gamma$, by virtue
of lemma 15. We may therefore conclude that $|t|\sigma$ is in $[\![T]\!]_{\theta^P_\alpha}$.

- leaf-intro: Clear by definition of $[\![B(\mathrm{leaf})]\!]_\theta$.

- node-intro: let $t, u$ be terms in $[\![B(\alpha)]\!]_\theta$ and $[\![B(\beta)]\!]_\theta$ respectively. The normal
forms of $\mathrm{Node}\ t\ u$ are of the form $\mathrm{Node}\ t'\ u'$, with $t'$ and $u'$ normal forms
of $t$ and $u$, respectively. Therefore, to check that $\mathrm{Node}\ t\ u \ll_\downarrow \mathrm{node}(\theta(\alpha), \theta(\beta))$, it
suffices to check $t \ll_\downarrow \theta(\alpha)$ and $u \ll_\downarrow \theta(\beta)$, both of which are true by hypothesis.

- t-app: straightforward by the induction hypothesis.

- p-app: by hypothesis, $|t|\sigma \in [\![\forall\alpha.T]\!]_\theta$; this gives by definition $|t|\sigma \in [\![T]\!]_{\theta^{p\theta}_\alpha}$, and
by the substitution lemma (lemma 13), $|t|\sigma \in [\![T\{\alpha \mapsto p\}]\!]_\theta$, therefore

$$|t\,p|\sigma \in [\![T\{\alpha \mapsto p\}]\!]_\theta$$

- symb: By hypothesis.

- sub: By application of the correctness of subtyping (lemma 18) and the induction
hypothesis.

■ 

Now it remains to show that each function symbol is computable. By analogy
with the first-order dependency pair framework, we need to build an order on
terms that is in relation to the approximated dependency graph. Then sequences
of decreasing terms will be the analogue of chains, and we will show that there
can be no infinite decreasing sequences. Instead of actual terms, it is more convenient,
when dealing with higher-order rewriting, to order tuples of terms labeled
by a head function symbol, i.e. instead of having $f\,\vec t > g\,\vec u$ we have $(f, \vec t) > (g, \vec u)$.
The reason for this is that recursive calls in the right-hand side of rewrite rules
needn't be applied to all their arguments. We will therefore need a way of using
typing to "predict" which arguments may be applied, using the order on tuples
as above.

However it is quite subtle to build this order in practice: indeed, a natural
candidate for such an order is (the transitive closure of) the order defined by
$(f, \vec t) > (g, \vec u)$ if and only if

$$\exists\theta, \phi,\ f(p_1, \ldots, p_n) \to g(q_1, \ldots, q_m) \in \mathcal{G},\ \forall i, j,\ t_i \in [\![B(p_i)]\!]_\theta \wedge u_j \in [\![B(q_j)]\!]_\theta$$

This would allow us to easily build the relation between the graph and the order,
and show that each call induces a decrease in this order. Sadly, this order may
not be well-founded even in the event that the termination criterion is satisfied.
Consider for example the rule $f\ \mathrm{node}(\alpha, \beta)\ (\mathrm{Node}\ x\ y) \to f\ \alpha\ x$, typeable in the
context $\Gamma = x : B(\alpha), y : B(\beta)$. Given the above definition, we have $(f, t) > (f, u)$
provided that there are closed $p$ and $q$ such that $t \ll_\downarrow p$ and $u \ll_\downarrow q$. But then
we may take $p = q = \_$ and if $t = z$ and $u = z$ with $z$ a variable, then $(f, z) > (f, z)$.
The rewrite system does satisfy the criterion, as $\mathrm{node}(\alpha, \beta) > \alpha$, but the order is
not well-founded.

One possible solution is to restrict the reduction to call-by-value on closed
terms, where a reduction in $\mathcal{R}$ can occur only if the arguments to the defined
function are in normal form, and values (although $\beta$-reduction can occur at any
moment). However we strive for more generality.

Another solution, in the previous example, is to impose the condition that $t$
must be equal to $\mathrm{Node}\ t_1\ t_2$, which makes the counter-example invalid. However,
we still do not have any necessary relationship between $t$ and $u$, and we may take
in particular $t = \mathrm{Node}\ x\ y$ and $u = \mathrm{Node}\ x\ y$, which again results in a non well-founded
sequence. The solution is to take, instead of just a particular instance
of the pattern variables, the most general possible instance.

Definition 20 Take the set $\mathcal{P}_{\min}$ of minimal patterns to be the subset of $\mathcal{P}$
defined by:

$$p, q \in \mathcal{P}_{\min} ::= \alpha \mid \mathrm{leaf} \mid \mathrm{node}(p, q)$$

Let $t$ be a term in normal form. We define the pattern form $\mathrm{pat}(t)$
of $t$ inductively:

- $\mathrm{pat}(t) = \bot$ if $t$ is neutral.

- $\mathrm{pat}(\mathrm{Leaf}) = \mathrm{leaf}$

- $\mathrm{pat}(\mathrm{Node}\ t\ u) = \mathrm{node}(\mathrm{pat}(t), \mathrm{pat}(u))$

- $\mathrm{pat}(t) = \_$ otherwise.

We define the partial type matching function $\mathrm{match}_p$ that takes terms $t_1, \ldots, t_n$
in $\mathrm{Trm}$ and minimal patterns $p_1, \ldots, p_n$ in $\mathcal{P}_{\min}$ and returns a pattern valuation:

- if $p_1 = \alpha_1, \ldots, p_n = \alpha_n$ and $t_i = t_j$ whenever $\alpha_i = \alpha_j$, then

$$\mathrm{match}_p(\vec t; \vec p)(\alpha_i) = \{\mathrm{pat}(v) \mid v \text{ a normal form of } t_i\}$$

- if $p_i = \mathrm{node}(q_1, q_2)$ and $t_i = \mathrm{Node}\ u_1\ u_2$ then

$$\mathrm{match}_p(\vec t; \vec p) = \mathrm{match}_p(t_1, \ldots, t_{i-1}, u_1, u_2, t_{i+1}, \ldots, t_n;\ p_1, \ldots, p_{i-1}, q_1, q_2, p_{i+1}, \ldots, p_n)$$

- if $p_i = \mathrm{leaf}$ and $t_i = \mathrm{Leaf}$ then

$$\mathrm{match}_p(\vec t; \vec p) = \mathrm{match}_p(t_1, \ldots, t_{i-1}, t_{i+1}, \ldots, t_n;\ p_1, \ldots, p_{i-1}, p_{i+1}, \ldots, p_n)$$

- $\mathrm{match}_p$ is undefined in other cases.

The type matching can be seen as a way of giving the most precise possible
valuation for terms that match some left-hand side of a rule. Notice that for
each $f(\vec p) \to g(\vec q) \in \mathcal{G}$, each $p_i$ is in $\mathcal{P}_{\min}$. Indeed, an examination of the minimal
typing rules shows that only minimal patterns may appear in types.

Note also that if $\mathrm{match}_p(\vec t, \vec p) = \theta$, then for each $i$, $t_i \ll_\downarrow p_i\theta$, by a simple
induction.

Definition 21 A link is a tuple $(n, \vec t, \vec u)$ such that

- $\vec t, \vec u \in \mathrm{SN}$

- $n = f(\vec p) \to g(\vec q) \in \mathcal{G}$

- $\mathrm{match}_p(\vec t, \vec p)$ is defined, and if it is equal to $\theta$, then

$$\forall j,\ u_j \ll_\downarrow q_j\theta'$$

for some extension $\theta'$ of $\theta$ such that $\mathcal{PV}(\vec q) \subseteq \mathrm{dom}(\theta')$.

A chain is a finite or infinite sequence $c_1, c_2, \ldots$ of links such that if $c_i =
(n_i, \vec t_i, \vec u_i)$, then for each $i$, $\vec u_i \to^* \vec t_{i+1}$, and if $n_i = f_i(\vec p) \to g_i(\vec q)$ then $g_i = f_{i+1}$.

Notice that if $\mathcal{PV}(\vec q) \subseteq \mathcal{PV}(\vec p)$ then we may take $\theta' = \theta$ in the definition of
chains.
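The following is an added Python model of the pattern form $\mathrm{pat}$, the partial matching function $\mathrm{match}_p$ of definition 20, the pattern valuation $p\theta$ and the relation $\ll_\downarrow$ defined earlier, together with the link check of definition 21; it is not code from the paper. The tuple encoding of patterns and terms is an assumption of this example, as are the clauses of $\ll_\downarrow$ for the patterns $\_$ and $\bot$ (the page only shows the node and leaf clauses). Each term is given directly by its single normal form, so the valuation produced by `match_p` maps every pattern variable to a one-element set. The `is_link` check covers the special case noted above, where $\mathcal{PV}(\vec q) \subseteq \mathcal{PV}(\vec p)$ and $\theta' = \theta$, and is exercised on the node $f(\mathrm{node}(\alpha,\beta)) \to f(\alpha)$ of the counter-example rule discussed before definition 20: with a neutral argument $z$, `match_p` is undefined and no link exists, which is exactly what rules out $(f, z) > (f, z)$.

```python
"""Pattern forms, pattern valuations and match_p (definition 20), plus the
link check of definition 21.  Added example; not the paper's code.

Encoding (an assumption of this example):
  patterns             ('var', name) | ('leaf',) | ('bot',) | ('wild',) | ('node', p, q)
  terms in normal form ('Leaf',) | ('Node', t, u) | ('neutral', name)
"""
from itertools import product

LEAF, BOT, WILD = ('leaf',), ('bot',), ('wild',)   # leaf, bottom and the '_' pattern
Leaf = ('Leaf',)

def var(name):
    return ('var', name)

def node(p, q):
    return ('node', p, q)

def Node(t, u):
    return ('Node', t, u)

def neutral(name):
    """A neutral normal form, e.g. a variable."""
    return ('neutral', name)

def pat(t):
    """Pattern form pat(t) of a normal form (definition 20)."""
    if t[0] == 'neutral':
        return BOT
    if t[0] == 'Leaf':
        return LEAF
    if t[0] == 'Node':
        return node(pat(t[1]), pat(t[2]))
    return WILD  # the 'otherwise' clause; unreachable for this term encoding

def valuate(p, theta):
    """p theta: closed patterns obtained from p by choosing, for each pattern
    variable, one element of theta(variable)."""
    if p[0] == 'var':
        return set(theta[p[1]])
    if p[0] == 'node':
        return {node(q1, q2) for q1, q2 in product(valuate(p[1], theta), valuate(p[2], theta))}
    return {p}  # leaf, bottom and '_' are already closed

def nf_below(v, q):
    """v <<_down q for a normal form v and a closed pattern q.  The node and
    leaf clauses are the page's; '_' accepting every normal form and bottom
    accepting neutral ones is an assumption of this example."""
    if q[0] == 'wild':
        return True
    if q[0] == 'bot':
        return v[0] == 'neutral'
    if q[0] == 'leaf':
        return v == Leaf
    if q[0] == 'node':
        return v[0] == 'Node' and nf_below(v[1], q[1]) and nf_below(v[2], q[2])
    return False  # a pattern variable is not a closed pattern

def term_below(v, pattern_set):
    """t <<_down P for a term t whose single normal form is v."""
    return any(nf_below(v, q) for q in pattern_set)

def match_p(terms, patterns):
    """Partial matching function match_p (definition 20).  Returns the
    valuation as a dict, or None where match_p is undefined."""
    terms, patterns = list(terms), list(patterns)
    if len(terms) != len(patterns):
        return None
    i = 0
    while i < len(patterns):           # decompose node/leaf patterns structurally
        p, t = patterns[i], terms[i]
        if p[0] == 'node':
            if t[0] != 'Node':
                return None
            terms[i:i + 1] = [t[1], t[2]]
            patterns[i:i + 1] = [p[1], p[2]]
        elif p[0] == 'leaf':
            if t != Leaf:
                return None
            del terms[i], patterns[i]
        elif p[0] == 'var':
            i += 1
        else:
            return None                # bottom and '_' are not minimal patterns
    bound = {}                         # variable case: a repeated variable needs equal terms
    for p, t in zip(patterns, terms):
        if p[1] in bound and bound[p[1]] != t:
            return None
        bound[p[1]] = t
    return {name: {pat(t)} for name, t in bound.items()}

def matched_terms_lie_below(terms, patterns):
    """Remark after definition 20: if match_p(t, p) = theta then
    t_i <<_down p_i theta for each i.  None when match_p is undefined."""
    theta = match_p(terms, patterns)
    if theta is None:
        return None
    return all(term_below(t, valuate(p, theta)) for t, p in zip(terms, patterns))

def is_link(lhs, rhs, call_args, rec_args):
    """Link check of definition 21 for a node f(lhs) -> g(rhs), in the case
    PV(rhs) is contained in PV(lhs), so that theta' = theta can be taken."""
    theta = match_p(call_args, lhs)
    if theta is None:
        return False
    return all(term_below(u, valuate(q, theta)) for u, q in zip(rec_args, rhs))
```

Non-linearity is handled in the variable case only after all node and leaf patterns have been decomposed, which mirrors the order of the clauses in definition 20: `match_p([Leaf, Node(Leaf, Leaf)], [var('a'), var('a')])` is undefined because the two occurrences of $\alpha$ meet different terms.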

We first need to show a correspondence between the chains and the graph,
that is:

Lemma 22 For each chain $c_1, c_2, \ldots$ such that $c_i = (n_i, \vec t_i, \vec u_i)$, there is a path
$n_1 \to n_2 \to \cdots$ in $\mathcal{G}$.

Proof. It suffices to show that if $c_1 = (n_1, \vec t, \vec u), c_2 = (n_2, \vec u', \vec v)$ is a chain, then
there is an edge between $n_1 = f(\vec p) \to g(\vec q)$ and $n_2 = g(\vec r) \to h(\vec s)$. First note
that the variables of $\vec q$ and $\vec r$ are distinct by hypothesis. Notice that for each $i$,
$u_i \ll_\downarrow q_i\theta$ for some $\theta$ and $\mathrm{match}_p(u'_i, r_i)$ is defined. We need to prove for each $i$
that $q_i \bowtie r_i$. As $u_i \to^* u'_i$, all normal forms of $u'_i$ are also normal forms of $u_i$. We
proceed by induction on $\mathrm{match}_p(u'_i, r_i)$.

- $r_i$ is a variable. We can conclude immediately by the definition of $\bowtie$, as a fresh
variable can unify with any pattern.

- $u'_i = \mathrm{Leaf}$ and $r_i = \mathrm{leaf}$. In this case $\mathrm{Leaf}$ is a normal form of $u_i$, so there is
some $q' \in q_i\theta$ such that $\mathrm{Leaf} \ll_\downarrow q'$. From this it follows that $q_i$ is either $\mathrm{leaf}$,
$\_$ or some variable. This allows us to conclude that $q_i \bowtie \mathrm{leaf}$.

- $u'_i = \mathrm{Node}\ u'_{i1}\ u'_{i2}$ and $r_i = \mathrm{node}(r_{i1}, r_{i2})$. Now let us examine $q_i$. We may exclude
the cases $q_i = \mathrm{leaf}$ and $q_i = \bot$, as every normal form of $u'_i$ is a normal form
of $u_i$ and is of the form $\mathrm{Node}\ v\ v'$. In the case $q_i = \alpha$ or $q_i = \_$ we may easily
conclude. The only remaining case is $q_i = \mathrm{node}(q_{i1}, q_{i2})$. From the induction
hypothesis we get $q_{i1} \bowtie r_{i1}$ and $q_{i2} \bowtie r_{i2}$, which imply $q_i \bowtie r_i$.

■

If the conditions of the termination theorem are satisfied, then there are no
infinite chains, in the same way as for the first-order dependency pair approach.

Theorem 23 Suppose that the conditions of theorem 6 are satisfied. Then there
are no infinite chains.

We need to define and establish the well-foundedness of the embedding order
on terms.

Definition 24 We mutually define the strict and large embedding preorders $>$ and $\geq$ on
erased terms in normal form by:

- $t_1 \geq u \Rightarrow \mathrm{Node}\ t_1\ t_2 > u$

- $t_2 \geq u \Rightarrow \mathrm{Node}\ t_1\ t_2 > u$

- $t_1 > u_1 \wedge t_2 \geq u_2 \Rightarrow \mathrm{Node}\ t_1\ t_2 > \mathrm{Node}\ u_1\ u_2$

- $t_1 \geq u_1 \wedge t_2 \geq u_2 \Rightarrow \mathrm{Node}\ t_1\ t_2 \geq \mathrm{Node}\ u_1\ u_2$

- $\mathrm{Leaf} \geq \mathrm{Leaf}$

- $t \geq u$ if $t$ and $u$ are neutral.

- $t > u \Rightarrow t \geq u$

Note that the preorder is not an order: for instance, $x \geq y$ and $y \geq x$.

Lemma 25 The preorder $>$ is well-founded.

Proof. Given a term in normal form $t$, define $\mathrm{size}(t)$ inductively:

- $\mathrm{size}(\mathrm{Node}\ t_1\ t_2) = \mathrm{size}(t_1) + \mathrm{size}(t_2) + 1$

- $\mathrm{size}(t) =$ otherwise.

It is then easy to verify by mutual induction that if $t > u$, $\mathrm{size}(t) > \mathrm{size}(u)$ and if
$t \geq u$ then $\mathrm{size}(t) \geq \mathrm{size}(u)$. Well-foundedness of the order on naturals yields the
desired conclusion.

■ 
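As an added illustration of definition 24 and lemma 25 (not code from the paper), the following Python model implements the mutually defined preorders $>$ and $\geq$ clause by clause, the size measure, and an exhaustive check of the monotonicity claims of lemma 25 over all pairs of small normal forms. The tuple encoding of terms is an assumption of this example, as is the value $0$ for $\mathrm{size}$ on $\mathrm{Leaf}$ and neutral terms, which the page leaves unstated.

```python
"""Strict (>) and large (>=) embedding preorders of definition 24 and the
size measure of lemma 25.  Added example; not the paper's code.
Term encoding (assumption): ('Leaf',) | ('Node', t, u) | ('neutral', name)."""
from itertools import product

Leaf = ('Leaf',)

def Node(t, u):
    return ('Node', t, u)

def neutral(name):
    return ('neutral', name)

def large_emb(t, u):
    """t >= u, following the clauses of definition 24."""
    if t[0] == 'Leaf' and u[0] == 'Leaf':
        return True                                   # Leaf >= Leaf
    if t[0] == 'neutral' and u[0] == 'neutral':
        return True                                   # all neutral terms are related
    if (t[0] == 'Node' and u[0] == 'Node'
            and large_emb(t[1], u[1]) and large_emb(t[2], u[2])):
        return True                                   # componentwise >=
    return strict_emb(t, u)                           # t > u implies t >= u

def strict_emb(t, u):
    """t > u, following the clauses of definition 24."""
    if t[0] != 'Node':
        return False                                  # only a Node is strictly above anything
    t1, t2 = t[1], t[2]
    if large_emb(t1, u) or large_emb(t2, u):
        return True                                   # u embeds in a proper subterm
    if u[0] == 'Node':
        return strict_emb(t1, u[1]) and large_emb(t2, u[2])
    return False

def size(t):
    """size(t) of lemma 25; 0 for Leaf and neutral terms is an assumption."""
    if t[0] == 'Node':
        return size(t[1]) + size(t[2]) + 1
    return 0

def size_respects_embedding(t, u):
    """Lemma 25 on one pair: t > u forces size(t) > size(u), and
    t >= u forces size(t) >= size(u)."""
    if strict_emb(t, u) and not size(t) > size(u):
        return False
    if large_emb(t, u) and not size(t) >= size(u):
        return False
    return True

def small_terms(depth):
    """All normal forms built from Leaf, one neutral variable x and Node,
    up to the given nesting depth (constructed sample input)."""
    terms = {Leaf, neutral('x')}
    for _ in range(depth):
        terms |= {Node(a, b) for a, b in product(terms, repeat=2)}
    return terms

def check_all_pairs(depth=2):
    """Exhaustively check lemma 25 on every pair of small terms."""
    ts = small_terms(depth)
    return all(size_respects_embedding(t, u) for t in ts for u in ts)
```

The mutual recursion terminates because `strict_emb` only recurses on proper subterms of its first argument, and `large_emb` calls `strict_emb` on the same pair at most once before that happens. The exhaustive check is what makes the "easy to verify by mutual induction" step concrete on a finite fragment.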

To show that there are no infinite chains, we will exploit the fact that if
$c = (n, \vec t, \vec u)$ is a link that is decreasing in the embedding order on patterns, then
there is a decrease in the normal forms from $\vec t$ to $\vec u$.

To show this, we must prove that pattern matching does indeed completely
capture the "pattern semantics" of a term in $S$.

Lemma 26 Suppose $\vec t$ are terms in $S$ and $\vec p$ are minimal patterns. If $\mathrm{match}_p(\vec t, \vec p)$
is defined and equal to $\theta$, then for each $q \in p_i\theta$, there is a normal form $v$ of $t_i$
such that $\mathrm{pat}(v) = q$.

Proof. We proceed by induction on the definition of $\mathrm{match}_p$:

- $p_i = \alpha_i$. In this case (as $\mathrm{match}_p(\vec t, \vec p)$ is defined), by definition $\alpha_i\theta$ is equal to
$\{\mathrm{pat}(v) \mid v \text{ is a normal form of } t_i\}$.

- $p_i = \mathrm{leaf}$. In this case $t_i = \mathrm{Leaf}$ and therefore we can take $v = \mathrm{Leaf}$.

- $p_i = \mathrm{node}(p_{i1}, p_{i2})$. In this case, $t_i = \mathrm{Node}\ t_{i1}\ t_{i2}$. By the induction hypothesis,
for any $q_1 \in p_{i1}\theta$ and $q_2 \in p_{i2}\theta$ there are normal forms $v_1$ and $v_2$ of $t_{i1}$ and $t_{i2}$
such that $q_j = \mathrm{pat}(v_j)$ for $j = 1, 2$. It is easy to observe that $\mathrm{Node}\ v_1\ v_2$
is a normal form of $t_i$, and that $q = \mathrm{node}(q_1, q_2)$ is an element of $p_i\theta$, and
$\mathrm{pat}(\mathrm{Node}\ v_1\ v_2) = q$ allows us to conclude.

■

To prove that there are no infinite chains, we need to relate the decrease of
the patterns to the decrease of the normal forms of the terms that appear in
chains.

Lemma 27 Suppose that $p$ and $q$ are closed patterns such that $p > q$ (respectively
$p \geq q$), and $v_1, v_2$ normal forms such that $\mathrm{pat}(v_1) = p$ and $v_2 \ll_\downarrow q$. Then
$v_1 > v_2$ (respectively $v_1 \geq v_2$).

Proof. We prove both properties simultaneously by induction on the derivation
of $p > q$:

- $p = \mathrm{node}(p_1, p_2)$ and $p_1 \geq q$. We have $v_1 = \mathrm{Node}\ u_1\ u_2$ with $\mathrm{pat}(u_1) = p_1$. By
induction hypothesis $u_1 \geq v_2$, and therefore $\mathrm{Node}\ u_1\ u_2 > v_2$.

- $p = \mathrm{node}(p_1, p_2), q = \mathrm{node}(q_1, q_2)$ with $p_1 > q_1$ and $p_2 \geq q_2$. In that case $v_1 =
\mathrm{Node}\ v_1^1\ v_1^2$ and $v_2 = \mathrm{Node}\ v_2^1\ v_2^2$. The induction hypothesis gives $v_1^1 > v_2^1$ and
$v_1^2 \geq v_2^2$, from which we may conclude.

- The symmetrical cases are treated in the same manner.

- $p = \mathrm{leaf}$ and $q = \mathrm{leaf}$. In this case, $v_1 = v_2 = \mathrm{Leaf}$, and $v_1 \geq v_2$.

Lemma 28 Let $c = (n, \vec t, \vec u)$ be some link such that $n = f(\vec p) \to g(\vec q)$. Suppose
that there is $i$ such that $p_i > q_i$ (respectively $p_i \geq q_i$). Then if $v$ is a normal form
of $u_i$, there exists some normal form $v'$ of $t_i$ such that $v' > v$ (respectively $v' \geq v$).

Proof. Let $\theta = \mathrm{match}_p(\vec t, \vec p)$, which is guaranteed to exist by hypothesis. First
notice that for every $\alpha \in \mathcal{PV}(\vec p)$, $\theta(\alpha)$ does not contain $\_$. Indeed, given $t \in S$, a
normal form of $t$ is also in $S$. It can only be neutral, equal to $\mathrm{Leaf}$, or of the
form $\mathrm{Node}\ t_1\ t_2$ with $t_1, t_2$ of the above form.

We treat the $>$ case first. Suppose that $v$ is a normal form of $u_i$. By definition,
we have $u_i \ll_\downarrow q_i\theta'$, which means by definition that there is some $r \in q_i\theta'$ such
that $v \ll_\downarrow r$. Since $p_i > q_i$, this implies that there is some $r' \in p_i\theta$ such that $r' > r$.
We have by lemma 26 that there exists some $v'$ a normal form of $t_i$ such that
$\mathrm{pat}(v') = r'$, which allows us to conclude using lemma 27.

■ 

We finally have all the tools to give the proof of well-foundedness of chains.

Proof of theorem 23.

By contradiction, let $c_1, c_2, \ldots$ be an infinite chain, such that for each $i$, $c_i =
(n_i, \vec t_i, \vec u_i)$. By lemma 22, $n_1, n_2, \ldots$ is an infinite path in $\mathcal{G}$. By finiteness of $\mathcal{G}$, there
is some SCC $\mathcal{G}'$ and some natural number $k$ such that $n_k, n_{k+1}, \ldots$ is contained
in $\mathcal{G}'$. By hypothesis, if $n_i = f_i(\vec p^i) \to g_i(\vec q^i)$, there is an index $j$ such that for
each $i$, $p^i_j > q^i_j$ or $p^i_j \geq q^i_j$. Furthermore, again by hypothesis, there are an infinite
number of indexes $i$ such that $p^i_j > q^i_j$. Let $V_i = \{v \mid v \text{ is a normal form of } t^i_j\}$ and
$U_i = \{v \mid v \text{ is a normal form of } u^i_j\}$. We apply lemma 28 to show that for each
$v'_i \in U_i$ there exists $v_i \in V_i$ such that $v_i > v'_i$ for these indexes and $v_i \geq v'_i$ for the
others.

We wish to show that there is an infinite sequence $v_1, v_2, \ldots$ such that $v_i \geq v_{i+1}$
for each $i$ and $v_i > v_{i+1}$ for an infinite number of indexes $i$, contradicting well-foundedness
of $>$ (lemma 25).

To do this we first notice that $V_{i+1} \subseteq U_i$, as $\vec u_i \to^* \vec t_{i+1}$. Then we build the
following tree:

- We have a node at the top, connected to every element of $V_k$.

- We have an edge between $a \in V_i$ and $b \in U_i$ if $a > b$ or $a \geq b$.

- We have an edge between $a \in U_i$ and $b \in V_{i+1}$ if $a = b$.

Notice first that every $V_i, U_i$ is finite, as the rewrite system is finite (each strongly
normalizing term therefore has a finite number of normal forms). We wish to
apply König's lemma, which states: every finitely branching infinite tree has an
infinite path. It is easy to see that the tree is finitely branching: every $V_i$ and $U_i$
is finite, and it is equally easy to verify that the tree is infinite, as no $V_i$ or $U_i$
is empty (the $t_i$ and $u_i$ are strongly normalizing and therefore have at least one
normal form). This gives us the existence of an infinite path in the tree, which
concludes the proof.

■ 

To prove that the function symbols are in the interpretation of their type,
we shall (obviously) need to consider the rewrite rules. In particular, we need to
relate the minimal typing used to derive the types of left-hand sides and pattern
matching, in order to prove that our notion of chain is the correct one.

Lemma 29 Suppose that $\Gamma$ is a context, that $l_1, \ldots, l_k$ are constructor terms and
that $\Gamma \vdash_{\min} l_1 : B(p_1), \ldots, \Gamma \vdash_{\min} l_k : B(p_k)$. Suppose that $t_1, \ldots, t_k$ match $l_1, \ldots, l_k$.
Then $\mathrm{match}_p(\vec t, \vec p)$ is defined.

Proof. We proceed by induction on the structure of the $l_i$ (matching the cases
of the $\mathrm{match}_p$ judgement):

- $l_1 = x_1, \ldots, l_n = x_n$. In this case, the only applicable case for $\vdash_{\min}$ is the variable
case. If $x_i = x_j$, then $t_i = t_j$. Furthermore $p_i = \alpha_i$ for some variable $\alpha_i$ and
again, $\alpha_i = \alpha_j$ if and only if $x_i = x_j$, by linearity of $\alpha_i$ and $\alpha_j$ in $\Gamma$. Therefore
if $\alpha_i = \alpha_j$, then $t_i = t_j$, and $\mathrm{match}_p(\vec t, \vec p)$ is defined.

- $l_i = \mathrm{Leaf}$. In this case the only applicable rule is the leaf rule, and $p_i = \mathrm{leaf}$
and $t_i = \mathrm{Leaf}$. By induction $\mathrm{match}_p(\vec t, \vec p)$ is defined.

- $l_i = \mathrm{Node}\ l_{i1}\ l_{i2}$. In this case we apply the node rule, and we have $p_i =
\mathrm{node}(p_{i1}, p_{i2})$. Again, we have $t_i = \mathrm{Node}\ t_{i1}\ t_{i2}$, and we may conclude by the
induction hypothesis.

■ 

Our reason for defining pattern matching is to provide the "closest" possible
pattern semantics for a term. In fact we have the following result, which
states that any valuation $\theta$ such that $\vec t$ is in $[\![B(\vec\alpha)]\!]_\theta$ can be "factored through"
$\mathrm{match}_p(\vec t, \vec p)$:

Lemma 30 Suppose that $\vec t$ is a tuple of strongly normalizing terms, that $\vec\alpha$ is a
tuple of pattern variables, and $\theta'$ is a valuation that verifies:

$$\forall i,\ t_i \in [\![B(\alpha_i)]\!]_{\theta'}$$

Suppose in addition that $\vec p$ are minimal patterns such that $\mathrm{match}_p(\vec t, \vec p)$ is defined
and equal to $\theta$. Let $\phi$ be the substitution that sends $\alpha_i$ to $p_i$. Then

$$\theta \circ \phi(\alpha_i) \ll \theta'(\alpha_i) \text{ for every } i$$

Proof. We proceed by induction on the judgment $\mathrm{match}_p(\vec t, \vec p)$.

- $p_i = \alpha_i$ for each $p_i$, and therefore $\phi(\alpha_i) = p_i$. In that case, $\theta \circ \phi(\alpha_i) = \{\mathrm{pat}(v) \mid
v \text{ normal form of } t_i\}$. Furthermore, $t_i \ll_\downarrow \theta'(\alpha_i)$. Take some $v$ a normal form of
$t_i$. We have some $q \in \theta'(\alpha_i)$ such that $v \ll_\downarrow q$. We then verify that $\mathrm{pat}(v) \ll q$,
which implies $\theta \circ \phi(\alpha_i) \ll \theta'(\alpha_i)$.

- $p_i = \mathrm{leaf}$. In this case, $\theta \circ \phi(\alpha_i) = \{\mathrm{leaf}\}$. By $t_i \ll_\downarrow \theta'(\alpha_i)$ and $t_i = \mathrm{Leaf}$, we have
that $\theta'(\alpha_i)$ contains $\mathrm{leaf}$ or $\_$, and in each case we can conclude.

- $p_i = \mathrm{node}(p_{i1}, p_{i2})$. In this case, $t_i = \mathrm{Node}\ t_{i1}\ t_{i2}$, and

$$\theta \circ \phi(\alpha_i) = \{\mathrm{node}(r_1, r_2) \mid r_1 \in p_{i1}\theta \wedge r_2 \in p_{i2}\theta\}$$

By $t_i \ll_\downarrow \theta'(\alpha_i)$ we have for each normal form $v$ of $t_i$ some $q$ in $\theta'(\alpha_i)$ such that
$v \ll_\downarrow q$. In addition $v$ is of the form $\mathrm{Node}\ v_1\ v_2$, where $v_1$ is a normal form of
$t_{i1}$ and $v_2$ is a normal form of $t_{i2}$. From this we get that either $q = \_$, in which
case we are done, or $q = \mathrm{node}(q_1, q_2)$ with $v_1 \ll_\downarrow q_1$ and $v_2 \ll_\downarrow q_2$. In this case
we apply the induction hypothesis to deduce that there is some $r_1 \in p_{i1}\theta$ and
$r_2 \in p_{i2}\theta$ such that $r_1 \ll q_1$ and $r_2 \ll q_2$, and thus $\mathrm{node}(r_1, r_2) \ll \mathrm{node}(q_1, q_2)$.



Definition 31 We define the following order $>_{dp}$ on pairs $(f, \vec t)$ with $f \in \Sigma$ and
$\vec t$ a tuple of terms:

$$(f, \vec t) >_{dp} (g, \vec u) \Leftrightarrow \exists \vec t',\ n = f(\vec p) \to g(\vec q),\ \vec t \to^* \vec t' \wedge (n, \vec t', \vec u) \text{ is a link}$$

That is, if $\vec t$ reduces to $\vec t'$ such that there is a link between $\vec t'$ and $\vec u$, and where
the associated node corresponds to a call from $f$ to $g$.

Lemma 32 If the conditions of theorem 6 are satisfied then the order $>_{dp}$ is
well-founded.

Proof. Any infinite decreasing sequence $(f_1, \vec t_1) >_{dp} (f_2, \vec t_2) >_{dp} \cdots$ gives rise to
an infinite chain, which is not possible by theorem 23.

We have enough to prove the main theorem, that is correctness of defined
symbols.

Theorem 33 Suppose that the conditions of theorem 6 are satisfied. Then for
each $f \in \Sigma$ and each valuation $\theta$, $f \in [\![\tau_f]\!]_\theta$.

Proof. Suppose that $\tau_f = \forall\vec\alpha.B(\alpha_1) \to \cdots \to B(\alpha_k) \to T_f$. Take $\theta$ a valuation
and $t_1, \ldots, t_k$ in $[\![B(\alpha_1)]\!]_\theta, \ldots, [\![B(\alpha_k)]\!]_\theta$. We need to show that

$$f\ t_1 \ldots t_k \in [\![T_f]\!]_\theta$$

Note that each $t_i$ is strongly normalizing. We proceed first by induction on $\vec t$
ordered by strict reduction. As $t = f\ \vec t$ is neutral, it suffices to consider all the
one step reducts $t'$ of $t$. These reducts are of two forms:

- $t' = f\ t_1 \ldots t'_j \ldots t_k$ with $t_j \to t'_j$. We conclude by the induction hypothesis.

- There is some rule $l \to r \in \mathcal{R}$, and some substitution $\sigma$ such that $|l|\sigma = t$, and
$|r|\sigma = t'$. We then proceed by induction on $(f, \vec t)$ ordered by $>_{dp}$. We have by
hypothesis that there is some context $\Gamma$ and some derivation $\Gamma \vdash_{\min} l_i : B(p_i)$
for each $i$, and a derivation $\Gamma \vdash r : T_f\phi$, with $\phi$ the substitution that sends $\alpha_i$
to $p_i$.

By lemma 29, $\mathrm{match}_p(\vec t, \vec p) = \psi$ is defined. We therefore have $t_i \in [\![B(p_i)]\!]_\psi$ for
each $i$, which gives $t_i \in [\![B(\alpha_i)]\!]_{\psi \circ \phi}$ by the substitution lemma. By lemma 30,
$\psi \circ \phi \ll \theta$. We may then apply the positivity condition of $\tau_f$ using lemma
19 to deduce that $[\![T_f]\!]_{\psi \circ \phi} \subseteq [\![T_f]\!]_\theta$. Therefore it suffices to show that $t'$ is in
$[\![T_f]\!]_{\psi \circ \phi}$, which is equal to $[\![T_f\phi]\!]_\psi$ by the substitution lemma. By hypothesis,
$\Gamma \vdash r : T_f\phi$, so we would like to apply the correctness theorem 11 to show that
$t' = |r|\sigma \in [\![T_f\phi]\!]_\psi$. The correctness theorem itself can not be applied, as it
takes as hypothesis the correctness of function symbols, which we are trying
to prove. But we will proceed in the same manner, making essential use of the
well-founded induction hypothesis.

Let us first show by induction on the derivation of $\Gamma \vdash_{\min} l_i : B(p_i)$ that for each
$x \in \mathrm{dom}(\sigma)$, $\sigma(x) \in [\![\Gamma(x)]\!]_\psi$.

  • $l_i = x$. We have $\sigma(x) = t_i \in [\![B(\gamma)]\!]_\psi$ with $\gamma = p_i$ and $\psi(p_i) = \{\mathrm{pat}(v) \mid
  v \text{ normal form of } t_i\}$.

  • $l_i = \mathrm{Leaf}$. We have nothing to show here.

  • $l_i = \mathrm{Node}\ l_{i1}\ l_{i2}$. Simple application of the induction hypothesis.

Now we prove by induction on the derivation of $\Gamma \vdash r : T_f\phi$ that $|r|\sigma \in [\![T_f\phi]\!]_\psi$.
We can exactly mimic the proof of theorem 11 except for the symb case.
In this case, there is a $g$ such that $r = g\,\vec q$, and if $\tau_g = \forall\vec\beta.B(\beta_1) \to \cdots \to
B(\beta_m) \to T_g$, we need to show that, for some extension $\psi'$ of $\psi$, $g \in [\![B(q_1) \to
\cdots \to B(q_m) \to T_g\xi]\!]_{\psi'}$. Recall the induction hypothesis on $(f, \vec t)$, which states
that for every $\theta$, if $(f, \vec t) >_{dp} (g, \vec u)$, then $g\ \vec u \in [\![T_g]\!]_\theta$. Now take $\theta$ to be $\psi' \circ \xi$,
where $\xi$ is the substitution that sends $\beta_i$ to $q_i$. It suffices to show that if for
$i = 1, \ldots, m$, $u_i \in [\![B(\beta_i)]\!]_{\psi' \circ \xi}$, then $(f, \vec t) >_{dp} (g, \vec u)$. For this we need to show
that there exists $n \in \mathcal{G}$ such that:

  • $n = f(\vec r) \to g(\vec s)$

  • $\mathrm{match}_p(\vec t, \vec r) = \psi$

  • There is an extension $\theta'$ of $\psi$ such that

$$\vec u \ll_\downarrow \vec s\theta'$$

We just take $n$ to be the node that corresponds to the call site of $g\,\vec q$. In this
case, $\vec r = \vec p$ and $\vec s = \vec q$. By definition, $\mathrm{match}_p(\vec t, \vec p)$ is defined and equal to $\psi$.
Then $\psi'$ is an extension of $\psi$ and as $u_i \in [\![B(\beta_i)]\!]_{\psi' \circ \xi}$ we have

$$u_i \ll_\downarrow q_i\psi'.$$



Corollary 34 Every well-typed term is in the interpretation of its type, that is

$$\forall \Gamma, t, T,\ \Gamma \vdash t : T \Rightarrow |t| \in [\![T]\!]$$

where $[\![T]\!]$ is $[\![T]\!]_\theta$ where $\theta$ is the valuation that sends every variable to the set
$\{\_\}$.

Proof. In fact it does not matter which $\theta$ we choose: let $\theta$ be any valuation.
Given a variable $x$ and a type $T$, by lemma 9, $x \in [\![T]\!]_\theta$, as $x$ is neutral and in
normal form. Given $\Gamma \vdash t : T$, we can therefore take the substitution $\sigma$ that sends
every variable $x \in \mathrm{dom}(\Gamma)$ to itself. In that case $\sigma(x) \in [\![\Gamma(x)]\!]_\theta$ by the above
remark, and by the combination of theorem 11 and theorem 33, $|t|\sigma \in [\![T]\!]_\theta$. But
in this case $|t|\sigma = |t|$.

■

We obtain the statement of theorem 6 as a corollary: every well-typed term
is in the interpretation of its type, but this interpretation only contains strongly
normalizing terms by lemma 9.



